Using RBAC in Flask

Extending our `@requires_auth` Decorator

ND004 C03 L04 A04 Using RBAC In Flask 1

For clarity, here is the complete check_permissions method:

def check_permissions(permission, payload):
    if 'permissions' not in payload:
                        raise AuthError({
                            'code': 'invalid_claims',
                            'description': 'Permissions not included in JWT.'
                        }, 400)

    if permission not in payload['permissions']:
        raise AuthError({
            'code': 'unauthorized',
            'description': 'Permission not found.'
        }, 403)
    return True

Try it Yourself!

Task Description:

Follow along and run the code on your local machine:

Task List:

Clone the Basic Flask Auth code: https://github.com/udacity/FSND/tree/master/BasicFlaskAuth

Replace all @TODO flags in the app.py file

Follow the instructions in the README.md

Extend the code using the video as a guide

Use Postman to test the /headers with and without your newly issued JWT as a bearer token

Task Feedback: